CVE-2023-41164
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 3, 2023
Updated: Apr 20, 2024
CWE ID 1284
Summary
CVE-2023-41164 is a denial-of-service vulnerability affecting Django versions 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5. Malicious inputs containing a large number of Unicode characters can cause the django.utils.encoding.uri_to_iri() function to consume excessive system resources, resulting in a denial-of-service condition. This issue may lead to server overload and potential service disruption. Affected Django users should upgrade to the latest stable version to mitigate this vulnerability.
Affected Products
- Django
- Fedora Operating System
Affected Vendors
- Django Software Foundation
- Fedora Project